@pugi/cli 0.1.0-beta.99 → 1.0.0-alpha.2

package/dist/core/audit/audit-trail.js

@@ -1,275 +0,0 @@
-/**
- * Tenant-wide JSONL audit trail .
- *
- * Pugi already records every tool_call / tool_result in two places:
- *
- *  1. The global per-workspace log at `<workspace>/.pugi/events.jsonl`
- *     (audit-replay source of truth; see `core/session.ts`).
- *  2. The per-session mirror at
- *     `<workspace>/.pugi/sessions/<sessionId>/events.jsonl`
- *     (operator-friendly per-run copy, see `native-pugi.ts`).
- *
- * Both live under the workspace directory and disappear when the
- * operator wipes the workspace or runs many ephemeral sandboxes.
- * What's missing is a TENANT-wide structured audit log: a single
- * append-only NDJSON stream per (tenant, workspace) pair that the
- * operator (or a SOC pipeline) can tail across every session over
- * the lifetime of the host.
- *
- * Spec :
- *
- *  - Path: `~/.pugi/audit/<tenant>/<workspace-slug>-<hash>.jsonl`
- *  - One JSON line per event with shared shape:
- *    `{ ts, tenant, workspace, workspaceHash, event, sessionId, data }`
- *  - Events covered: `tool_call`, `tool_result`, `dispatch_start`,
- *    `dispatch_end`, `permission_denied`, `auto_compact`,
- *    `budget_exhausted`.
- *  - Append-only — no rotation logic. Operators wire `logrotate`
- *    themselves if they want size caps.
- *  - Opt-out: `PUGI_AUDIT_TRAIL_DISABLE=1`.
- *  - Failures NEVER throw. Audit MUST NOT break a dispatch.
- *  - Tenant fallback: when `PUGI_API_KEY` is unset, tenant is `local`.
- *
- * Why duplicate the per-session log on disk:
- *
- *  The per-session mirror clusters by `sessionId` (one dir per run).
- *  To answer "what did this tenant DO across every session this week
- *  from this workspace" an operator otherwise has to glob hundreds of
- *  session dirs and merge by timestamp. The audit trail flattens that
- *  into one tail-able stream per (tenant, workspace) — same shape an
- *  ops pipeline would expect from a hosted log surface.
- */
-import { appendFileSync, mkdirSync } from 'node:fs';
-import { createHash } from 'node:crypto';
-import { homedir } from 'node:os';
-import { basename, dirname, join, resolve } from 'node:path';
-import { collectStrings, scanForInjection, summarizeFindings, } from '../security/injection-scanner.js';
-/**
- * Opt-out env var. Mirrors the convention every other Pugi feature uses
- * (`PUGI_BARE`, `PUGI_AGENTMEMORY_RECALL_ENABLED=false`, etc.).
- * Operators set this when they pipe the CLI through a sandbox that
- * already captures audit upstream and they want to skip the duplicate.
- */
-export const PUGI_AUDIT_TRAIL_DISABLE_VAR = 'PUGI_AUDIT_TRAIL_DISABLE';
-/**
- * Tenant fallback used when the operator has not exported
- * `PUGI_API_KEY`. The audit trail still flows — it just lives under
- * `~/.pugi/audit/local/...` so a single-user workstation gets a useful
- * forensic log without needing API-key plumbing.
- */
-export const LOCAL_TENANT_FALLBACK = 'local';
-/**
- * Sanitize the workspace basename to a safe filesystem slug:
- * lowercase a-z + 0-9 + `-`. Anything else collapses to `-`. We avoid
- * the empty case (root workspace) by falling back to `workspace`.
- *
- * Why not a hash here too: the hash is appended separately so two
- * workspaces with the same basename (e.g. two clones of the same repo
- * sitting in different parent dirs) get distinct files. The slug is
- * the human-readable half operators eyeball at `ls ~/.pugi/audit/...`.
- */
-export function sanitizeWorkspaceSlug(workspaceRoot) {
-    const base = basename(resolve(workspaceRoot));
-    const sanitized = base
-        .toLowerCase()
-        .replace(/[^a-z0-9-]+/g, '-')
-        .replace(/-+/g, '-')
-        .replace(/^-|-$/g, '');
-    return sanitized.length > 0 ? sanitized : 'workspace';
-}
-/**
- * Stable, anonymous workspace handle. We use the FIRST 8 hex of
- * sha256(workspaceRoot). 8 hex = 32 bits = ~4 billion buckets, more
- * than enough to disambiguate `~/code/foo` from `~/other/foo` on the
- * same host without leaking the absolute path through the file name.
- *
- * The hash is over the RESOLVED path so symlink trickery cannot point
- * two different audit streams at the same file by accident.
- */
-export function computeWorkspaceHash(workspaceRoot) {
-    return createHash('sha256')
-        .update(resolve(workspaceRoot))
-        .digest('hex')
-        .slice(0, 8);
-}
-/**
- * Derive the tenant slug from `PUGI_API_KEY`. We hash the key (sha256,
- * 12 hex prefix) rather than emitting the raw key — the audit trail is
- * a plaintext file on the local FS and the tenant slug shows up in
- * every path under `~/.pugi/audit/`. A truncated hash is enough to
- * cluster every (tenant, workspace) over time without leaking the key
- * if the operator accidentally `tar`s their `~/.pugi` for support.
- *
- * The hash is purely a CLI-local clustering key — the runtime backend
- * has its own (different) tenant identifier and never sees this.
- */
-export function resolveTenant(env = process.env) {
-    const key = env.PUGI_API_KEY?.trim();
-    if (!key)
-        return LOCAL_TENANT_FALLBACK;
-    // 12 hex = 48 bits — enough disambiguation for any realistic per-host
-    // tenant cardinality; still short enough for operators to eyeball at
-    // `ls ~/.pugi/audit/`.
-    return createHash('sha256').update(key).digest('hex').slice(0, 12);
-}
-/**
- * Resolve the audit file path for a given (tenant, workspace) pair.
- * Pure path arithmetic — the caller is responsible for `mkdir -p`
- * before append (handled inside `writeAuditEvent`).
- */
-export function resolveAuditPath(workspaceRoot, tenant, home = homedir()) {
-    const slug = sanitizeWorkspaceSlug(workspaceRoot);
-    const hash = computeWorkspaceHash(workspaceRoot);
-    return join(home, '.pugi', 'audit', tenant, `${slug}-${hash}.jsonl`);
-}
-/**
- * Predicate: is the audit trail disabled via env opt-out?
- *
- * Accept `1`, `true`, `yes` (case-insensitive) as positive; anything
- * else — including `0`, `false`, `''`, and the var being absent — keeps
- * the trail enabled. Mirrors the convention used in `bare-mode/` and
- * elsewhere in the CLI.
- */
-export function isAuditDisabled(env = process.env) {
-    const raw = env[PUGI_AUDIT_TRAIL_DISABLE_VAR]?.trim().toLowerCase();
-    if (!raw)
-        return false;
-    return raw === '1' || raw === 'true' || raw === 'yes';
-}
-/**
- * Append a single audit event to the per-tenant per-workspace NDJSON
- * trail. Never throws — failures (FS unwritable, opt-out, malformed
- * input) are silently swallowed so a misconfigured audit surface
- * cannot break a dispatch. The engine adapter's existing per-session
- * mirror remains intact as a redundant copy.
- *
- * Append-only: every call writes exactly one line. No rotation, no
- * truncation. Operators wire `logrotate` if they want size caps.
- *
- * macOS hardening: we `mkdir -p` the parent dir on every call (cheap
- * in practice — Node short-circuits when the dir exists) so a manual
- * `rm -rf ~/.pugi/audit/<tenant>/` between runs does not turn the next
- * append into ENOENT. The mode is `0o700` for the tenant dir and
- * `0o600` for the JSONL file so curious users on a shared host cannot
- * read another tenant's trail.
- */
-export function writeAuditEvent(input) {
-    const env = input.env ?? process.env;
-    if (isAuditDisabled(env))
-        return;
-    try {
-        const tenant = (input.tenant?.trim() || resolveTenant(env)) || LOCAL_TENANT_FALLBACK;
-        const home = input.home ?? homedir();
-        const path = resolveAuditPath(input.workspaceRoot, tenant, home);
-        const now = input.now ? input.now() : new Date().toISOString();
-        const envelope = {
-            ts: now,
-            tenant,
-            workspace: sanitizeWorkspaceSlug(input.workspaceRoot),
-            workspaceHash: computeWorkspaceHash(input.workspaceRoot),
-            event: input.event,
-            sessionId: input.sessionId,
-            data: input.data,
-        };
-        try {
-            mkdirSync(dirname(path), { recursive: true, mode: 0o700 });
-        }
-        catch {
-            // mkdir failure is silent — the appendFileSync below will surface
-            // the real error and the outer catch swallows it. We still try
-            // the write so EEXIST on the dir (the only real path here) does
-            // not block the append.
-        }
-        appendFileSync(path, `${JSON.stringify(envelope)}\n`, {
-            encoding: 'utf8',
-            mode: 0o600,
-        });
-        // Injection scan (ported an external utility,
-        // Apache-2.0). Wrap the OUTBOUND `data` payload through the
-        // scanner. Findings emit a SECOND audit line of type
-        // `injection_detected` so an operator (or SOC pipeline) sees a
-        // structured, append-only record without losing the original
-        // event. Never blocks the write — hard-block requires a separate
-        // CEO-signed PR.
-        //
-        // Recursion guard: the `injection_detected` event itself carries
-        // matched substrings (intentional — they are the evidence). We
-        // skip scanning it to avoid an infinite loop of self-detections.
-        if (input.event !== 'injection_detected') {
-            const findings = scanAuditPayload(input.data);
-            if (findings.length > 0) {
-                emitInjectionDetected({
-                    findings,
-                    triggeringEvent: input.event,
-                    sessionId: input.sessionId,
-                    workspaceRoot: input.workspaceRoot,
-                    tenant: input.tenant,
-                    env: input.env,
-                    home: input.home,
-                    now: input.now,
-                });
-            }
-        }
-    }
-    catch {
-        // Audit failures must NEVER break a dispatch. The session log + the
-        // per-session mirror under `<workspace>/.pugi/` remain as redundant
-        // surfaces. A future telemetry pass can surface the failure count
-        // via the doctor probe; for now silent no-op is the contract.
-    }
-}
-/**
- * Fold the audit `data` payload into a single string and scan it for
- * prompt-injection / invisible-unicode / secret markers. Returns the
- * empty array on clean payloads.
- *
- * Exported for the spec — the scanner module owns the algorithm, this
- * helper owns the payload-walking glue.
- */
-export function scanAuditPayload(data) {
-    // Fold every string anywhere in the payload (keys included) into a
-    // single buffer separated by NULs. NUL keeps regex anchors honest
-    // (no accidental cross-field match for a `^system:` pattern) without
-    // adding bytes that themselves could become a pattern.
-    const fragments = collectStrings(data);
-    if (fragments.length === 0)
-        return [];
-    const joined = fragments.join('\0');
-    return scanForInjection(joined);
-}
-/**
- * Build the `injection_detected` envelope payload and recurse into
- * `writeAuditEvent` to append it. The recursion is bounded — the
- * recursion guard in `writeAuditEvent` short-circuits on the
- * `injection_detected` event so we never re-scan ourselves.
- */
-function emitInjectionDetected(input) {
-    const summary = summarizeFindings(input.findings);
-    // Cap the findings array in the audit line so a payload with
-    // hundreds of invisible-unicode hits does not bloat the JSONL row.
-    // The summary still carries `total` so operators see the real count.
-    const MAX_FINDINGS_PER_EVENT = 32;
-    const truncated = input.findings.length > MAX_FINDINGS_PER_EVENT;
-    const capped = truncated
-        ? input.findings.slice(0, MAX_FINDINGS_PER_EVENT)
-        : [...input.findings];
-    writeAuditEvent({
-        event: 'injection_detected',
-        sessionId: input.sessionId,
-        workspaceRoot: input.workspaceRoot,
-        tenant: input.tenant,
-        env: input.env,
-        home: input.home,
-        now: input.now,
-        data: {
-            triggeringEvent: input.triggeringEvent,
-            summary,
-            findings: capped,
-            truncated,
-            // External attribution is recorded inline so a SOC pipeline
-            // grepping for the upstream project name lands here.
-            detector: 'external-injection-patterns',
-        },
-    });
-}
-//# sourceMappingURL=audit-trail.js.map

package/dist/core/auth/ensure-authenticated.js

@@ -1,129 +0,0 @@
-/**
- * UX — `ensureAuthenticated` helper.
- *
- * Auto-login pre-flight for every Pugi command that needs an Anvil
- * credential. Before this helper landed, cold-start without a stored
- * credential surfaced a generic "Login required" message and the
- * operator had к run `pugi login` separately, which broke the muscle-
- * memory of "open terminal, type the command, see the answer".
- *
- * The helper exposes a single contract: `ensureAuthenticated(opts)`.
- * On a happy path (credential resolves) it returns the credential.
- * On a cold-start it either:
- *
- *  - launches the device-flow login inline (interactive TTY only,
- *    `--no-login` not set), waits for completion, then re-resolves
- *    the credential and returns it. The surrounding command continues
- *    transparently;
- *  - returns `{ status: 'missing' }` with a reason describing why no
- *    auto-login was attempted (non-interactive, opted-out, or login
- *    aborted by user). The caller bails with a clean message.
- *
- * Cross-command parity: the helper is wired into every command that
- * needs auth (engine commands `code`/`fix`/`build`/`explain`/`plan`,
- * plus `sync`, `chain new`, `smoke`, `review`, `deploy`, ...). The
- * previous patchwork of `resolveActiveCredential() ?? throw` /
- * `if (!config) writeOutput unauthenticated` calls now all funnel
- * through here so future auth changes are one-edit.
- *
- * Session cache: the helper caches the resolved credential per-process.
- * A second command in the same process never re-launches login even if
- * the operator deletes credentials.json mid-run (that is a footgun, not
- * a supported use case — the cached credential is still valid because
- * the auth token in memory has not been revoked).
- *
- * Framework-free: the actual login call is injected via the `login`
- * callback. The CLI passes a closure that calls
- * `performDeviceFlowLogin` (or the interactive picker for token /
- * env). The spec passes a fake that flips an in-memory env var so
- * subsequent `resolveActiveCredential` calls see a credential.
- */
-/**
- * Process-local cache of resolved credentials. Keyed by `apiUrl` so a
- * future `pugi accounts switch` invocation does not return stale data
- * (different apiUrl → cache miss). Cache is additive-only.
- */
-const credentialCache = new Map();
-/**
- * Reset the cache. Exported for spec teardown — production callers
- * never need this.
- */
-export function resetAuthenticatedCache() {
-    credentialCache.clear();
-}
-/**
- * Auth pre-flight. Returns the resolved credential or a structured
- * `missing` envelope. The cached path skips the `resolve()` callback
- * entirely — useful when `resolveActiveCredential` is expensive
- * (filesystem read of ~/.pugi/credentials.json + Zod parse).
- *
- * Headless contract: even on a TTY, when `headless === true` the
- * helper bails with `non_interactive`. Reason: a browser-popup login
- * in the middle of an automated stdin → engine → stdout loop would
- * silently freeze the run.
- */
-export async function ensureAuthenticated(opts) {
-    // Resolve once. Cache by the resolved apiUrl so a subsequent call
-    // after `pugi accounts switch` produces a fresh resolution.
-    const initial = opts.resolve();
-    if (initial) {
-        credentialCache.set(initial.apiUrl, initial);
-        return { status: 'ready', credential: initial };
-    }
-    if (opts.skip) {
-        return {
-            status: 'missing',
-            reason: 'disabled',
-            detail: 'Authentication skipped (--no-login or PUGI_NO_AUTO_LOGIN). Run `pugi login` to authenticate.',
-        };
-    }
-    if (opts.headless) {
-        return {
-            status: 'missing',
-            reason: 'non_interactive',
-            detail: 'Headless mode cannot launch browser-popup login. Run `pugi login` once with a TTY, then re-run with --headless.',
-        };
-    }
-    if (!opts.interactive) {
-        return {
-            status: 'missing',
-            reason: 'non_interactive',
-            detail: 'No credential found and stdin is not a TTY. Run `pugi login` with a TTY OR set PUGI_API_KEY before invoking Pugi in CI.',
-        };
-    }
-    const write = opts.write ?? ((line) => process.stderr.write(line));
-    write('No Pugi credential found. Launching login...\n');
-    let succeeded;
-    try {
-        succeeded = await opts.login();
-    }
-    catch (error) {
-        return {
-            status: 'missing',
-            reason: 'login_failed',
-            detail: `Login failed: ${error.message ?? String(error)}`,
-        };
-    }
-    if (!succeeded) {
-        return {
-            status: 'missing',
-            reason: 'login_cancelled',
-            detail: 'Authentication required to continue. Run `pugi login` when ready.',
-        };
-    }
-    // Re-resolve. If a successful login was reported but no credential
-    // landed on disk, surface that as `login_failed` rather than a
-    // silent miss — would otherwise produce a confusing "you said it
-    // worked but I still see nothing" loop.
-    const resolved = opts.resolve();
-    if (!resolved) {
-        return {
-            status: 'missing',
-            reason: 'login_failed',
-            detail: 'Login reported success but no credential persisted. Check `pugi whoami`.',
-        };
-    }
-    credentialCache.set(resolved.apiUrl, resolved);
-    return { status: 'ready', credential: resolved };
-}
-//# sourceMappingURL=ensure-authenticated.js.map

package/dist/core/auth/env-provider.js

@@ -1,238 +0,0 @@
-/**
- * `pugi login --provider env` — env-var auth path ().
- *
- * the upstream tool, peer CLI, and gh CLI all ship a way to authenticate via
- * an environment variable so CI / container / scripted contexts can
- * skip the device flow entirely. This module backs that path:
- *
- *  1. Resolve the candidate token (explicit `--key` flag beats
- *     `PUGI_API_KEY` env — same precedence as `gh auth login --token`).
- *  2. Run a cheap local format check so an obviously malformed key
- *     (empty, whitespace, suspiciously short) fails fast WITHOUT
- *     shipping it to the server (no observability leak into the
- *     Anvil access log).
- *  3. Call `GET /api/pugi/health` with `Authorization: Bearer <key>`
- *     so an expired / revoked / typo'd token surfaces immediately
- *     and the credential file never lands on disk for a dead key.
- *  4. Map response to typed outcome the CLI dispatcher can render.
- *
- * The module is intentionally pure — fetch + reading env are injected,
- * the writer is a separate concern. The CLI dispatcher composes
- * `resolveEnvCandidateToken` + `assertTokenFormat` + `validateTokenAgainstHealth`
- * and then writes the credential via `storeApiKey` on success.
- *
- * Failure modes are explicit so the dispatcher can pick the user-facing
- * remediation string without re-parsing strings:
- *
- *  - `missing`         → no token in env or --key, halt with hint
- *  - `invalid-format`  → token failed local format check, halt
- *  - `unauthorized`    → server rejected the token (401 / 403)
- *  - `network-error`   → fetch threw (DNS, refused, TLS)
- *  - `server-error`    → server returned 5xx (transient — operator
- *                         may want to retry once)
- *  - `unexpected-status`→ anything else non-2xx (treat as failure)
- *
- * NEVER log the raw token. Memory hits
- * `feedback_no_claude_attribution_anywhere_hard_rule` plus the
- * CSO bearer-leak sweep apply here. Use `maskApiKey` from
- * `core/credentials.ts` when the dispatcher needs to surface the key
- * to the operator.
- */
-/**
- * The minimum length below which we refuse to even ship the token to
- * the server. Pugi-issued PATs are 48+ chars (`pugi_<32 base32>`), JWTs
- * issued by the device flow are ~250 chars, legacy `sk-*` PATs we
- * accept for compatibility are 32+. 16 is well below all three real
- * shapes so it only catches obvious paste mistakes.
- */
-export const MIN_TOKEN_LENGTH = 16;
-/**
- * The set of prefixes we recognise as plausibly-real Pugi-shaped
- * tokens. Loose by design — the real validator is the server-side
- * health probe. We just want to catch an operator who pasted the
- * wrong string entirely (a username, a URL, a placeholder like
- * "<your-key>") before it reaches the network.
- *
- * Three-segment JWTs are also accepted via the `looksLikeJwt`
- * predicate so device-flow tokens copied out of `~/.pugi/credentials.json`
- * on a different machine work.
- */
-export const RECOGNISED_TOKEN_PREFIXES = ['pugi_', 'sk_', 'sk-', 'pat_'];
-/**
- * Returns the trimmed candidate token, or `null` when neither path
- * produced one. Precedence: explicit flag arg beats env var (matches
- * `gh auth login --with-token`, `aws configure set`, and `pugi config`
- * which all prefer the most-specific operator intent over the ambient
- * env).
- */
-export function resolveEnvCandidateToken(input) {
-    const explicit = input.explicitKey?.trim();
-    if (explicit)
-        return explicit;
-    const env = input.env ?? process.env;
-    const fromEnv = env.PUGI_API_KEY?.trim();
-    if (fromEnv)
-        return fromEnv;
-    return null;
-}
-/**
- * Local-only format check. Returns `null` on accept, a human-readable
- * error string on reject. Deliberately lenient — the server-side
- * health probe is the source of truth. We only catch obvious paste
- * mistakes (empty, whitespace-laden, too short, looks like a URL or
- * a placeholder).
- */
-export function assertTokenFormat(token) {
-    if (!token)
-        return 'Token is empty';
-    if (/\s/.test(token)) {
-        return 'Token contains whitespace — check for shell quoting issues or a stray newline';
-    }
-    if (token.length < MIN_TOKEN_LENGTH) {
-        return `Token too short (${token.length} chars; Pugi tokens are >= ${MIN_TOKEN_LENGTH})`;
-    }
-    if (token.startsWith('<') && token.endsWith('>')) {
-        return 'Token looks like a placeholder (`<your-key>`) — replace with the actual key';
-    }
-    if (/^https?:\/\//i.test(token)) {
-        return 'Token looks like a URL — did you mean --api-url?';
-    }
-    // Accept either a recognised prefix OR a JWT three-segment shape.
-    // Anything else still passes — the server probe will catch genuinely
-    // unknown keys. We just want to surface an obvious mistake.
-    const hasKnownPrefix = RECOGNISED_TOKEN_PREFIXES.some((p) => token.startsWith(p));
-    if (!hasKnownPrefix && !looksLikeJwt(token)) {
-        // Soft-fail: warn the operator but proceed. Returning null here
-        // would mask the case where the operator pasted something
-        // genuinely wrong but the server happens to accept it (impossible
-        // for real keys but defence-in-depth). Returning the warning
-        // string would block legacy keys. We choose to proceed — the
-        // server is the source of truth — and let the CLI dispatcher
-        // decide whether to surface a note. Tracked via a separate
-        // `warnUnknownPrefix` return on a future revision.
-        return null;
-    }
-    return null;
-}
-/**
- * JWT three-segment check. Does NOT verify the signature — we just
- * want to recognise the shape so device-flow tokens copied from one
- * machine to another pass the format gate.
- */
-export function looksLikeJwt(token) {
-    const parts = token.split('.');
-    if (parts.length !== 3)
-        return false;
-    return parts.every((p) => /^[A-Za-z0-9_-]+$/.test(p) && p.length > 0);
-}
-/**
- * Call `GET /api/pugi/health` with the candidate token. Returns a
- * typed outcome that the CLI dispatcher can map directly to an exit
- * code + remediation string.
- *
- * Health endpoint conventions (see apps/admin-api):
- *  - 200 → token is valid, account is active
- *  - 401 → token unknown / malformed at the server boundary
- *  - 403 → token recognised but the account is suspended / paused
- *  - 5xx → server-side issue, operator can retry
- *  - network throw → DNS, refused, TLS — operator's connectivity issue
- *
- * We do not parse the body — the health endpoint's contract is the
- * status code. Any future field (latency, region, build sha) can be
- * surfaced by a separate `pugi doctor` probe without touching the
- * login path.
- */
-export async function validateTokenAgainstHealth(input) {
-    const fetchImpl = input.fetchImpl ?? fetch;
-    const now = input.now ?? Date.now;
-    const url = `${stripTrailingSlash(input.apiUrl)}/api/pugi/health`;
-    const started = now();
-    let response;
-    try {
-        response = await fetchImpl(url, {
-            method: 'GET',
-            headers: {
-                Authorization: `Bearer ${input.apiKey}`,
-                Accept: 'application/json',
-            },
-        });
-    }
-    catch (error) {
-        // DNS failure, ECONNREFUSED, TLS handshake — anything that makes
-        // fetch throw before a status code is observable. We deliberately
-        // do NOT echo the URL host in the message body if it could leak a
-        // self-hosted Anvil hostname into a public CI log; the dispatcher
-        // composes the user-facing remediation.
-        const cause = error instanceof Error ? error.message : String(error);
-        return {
-            kind: 'network-error',
-            message: `Cannot reach ${input.apiUrl}; check your connection`,
-            cause,
-        };
-    }
-    const latencyMs = now() - started;
-    const { status } = response;
-    if (status === 200) {
-        return { kind: 'ok', latencyMs };
-    }
-    if (status === 401 || status === 403) {
-        return {
-            kind: 'unauthorized',
-            status,
-            message: status === 401
-                ? 'Token invalid or expired — run `pugi login --provider device` to get a fresh one'
-                : 'Token recognised but the account is suspended — check `pugi whoami` on a working machine or contact support',
-        };
-    }
-    if (status >= 500) {
-        return {
-            kind: 'server-error',
-            status,
-            message: `${input.apiUrl} returned ${status}; retry in a moment`,
-        };
-    }
-    return {
-        kind: 'unexpected-status',
-        status,
-        message: `Unexpected ${status} from /api/pugi/health; treat as login failure`,
-    };
-}
-export async function resolveAndValidateEnvLogin(input) {
-    const token = resolveEnvCandidateToken({
-        explicitKey: input.explicitKey,
-        env: input.env,
-    });
-    if (!token) {
-        return {
-            kind: 'missing',
-            message: 'pugi login --provider env requires a token. Export PUGI_API_KEY in the current shell or pass --key <value>.',
-        };
-    }
-    const formatError = assertTokenFormat(token);
-    if (formatError) {
-        return {
-            kind: 'invalid-format',
-            message: `pugi login --provider env: ${formatError}`,
-        };
-    }
-    if (input.skipValidate) {
-        // Used by the existing `login-variants.spec.ts` regression suite
-        // so the test plane does not require a live network. Production
-        // path always validates.
-        return { kind: 'ok', token, latencyMs: 0 };
-    }
-    const probe = await validateTokenAgainstHealth({
-        apiUrl: input.apiUrl,
-        apiKey: token,
-        fetchImpl: input.fetchImpl,
-        now: input.now,
-    });
-    if (probe.kind === 'ok') {
-        return { kind: 'ok', token, latencyMs: probe.latencyMs };
-    }
-    return probe;
-}
-function stripTrailingSlash(url) {
-    return url.endsWith('/') ? url.slice(0, -1) : url;
-}
-//# sourceMappingURL=env-provider.js.map